You say that
In this setup, the EC2 instance is hosted in a private subnet and acts as an intermediary between users and the Amazon S3 bucket.
but the question also states
Financial information is accessed by users over the Internet
You can’t access instances inside of the private subnet over the internet because there is no routing. That’s why it’s called private in the first place: no IGW.
Even if we assume the presence of a NAT gateway, it still only allows external traffic and clients cannot connect there, unless clients use a reverse-proxy connection (that’s wild) with some way of notifying the server about new connections. The scenario sounds fun, but it still needs to be clarified.
Source for public/private subnet meanings: https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html